Bad Actors, Cyber Security, and Your Business

Transcript:

Hi! If you have been keeping up with today’s news, I am sure you have seen many headlines about the Colonial Pipeline cyberattack. To sum up the general story behind those headlines, ransomware actors launched a cyber attack on colonial pipeline’s billing system, which lead Colonial to then temporarily shut down their pipe line. This caused panic within the country as this major pipeline being closed lead to a lack of gasoline in the U.S. Although these ransomware actors were only looking for money, they still impacted the physical operation of the pipeline. This incident was an eye opener not only to people whose gas stations then had gas shortages, but any business may take a look at this incident and think “wow, what if this were my company who got hacked?” The COVID-19 pandemic has had a major impact on the economy of the nation. The new lack of employment due to the pandemic has lead more people looking for ways to make money from their computer, which may include hacking and ransomware. At the same time, the pandemic has brought most of our daily business life online. With the increased amount of company interactions taking place online, hackers now have more employees working online who they can try and manipulate. So, how do you protect yourself from bad actors, such as hackers and those using ransomware?

VP of operations at Precisions Systems Inc, Rightley McConnell, is here to discuss some suggestions that he has on how you can protect yourself from hackers and ransomware.

Well, the first step in protecting yourself is by understanding, who exactly are bad actors? Bad actors have a variety of motivations but generally, they can be grouped into three main categories. First are cyber terrorists, who are physically or ideologically motivated to cause some sort of damage to your business. Whether it be because they see themselves as activists, or they may even be sponsored by a state actor. To a lesser degree, somebody who just doesn’t know exactly what they are doing but they are just out trying to cause havoc. Then, there are cyber criminals and they are generally trying to extract money from your business. These companies are the ones, or these groups are the ones, who generally you will see creating ransomware and holding people’s data hostage in order to extract some kind of ransom out of them. And, finally, internal users can sometimes be bad actors that can either be accidental or intentional. So, these internal users may be just doing something they are not supposed to, or possibly have too much access to the wrong things and delete things or otherwise encrypt or destroy data. Or, they could be turned by other bad actors to act against you.

How do they get into your system? Well, unfortunately there are a variety of ways and it’s hard to protect against all of them. But, good general hygiene for cyber security is your best bet. So, some of the ways that they have gotten through in the past are through malicious websites which you might have seen before which have suspicious links and attempt to download content or a computer virus to anywhere on your network. There are also many attacks that are done on public facing websites. So, if your company has a website or service that is for use by the public or the customers that can be an attack factor for a bad actor to work against. There is also, of course, phishing, which we see a great deal of these days. They can come by way of email. They can be emails with links or attachments in them that download dangerous material or go to malicious websites. Or, even, through what look like legitimate outreach through social media platforms like LinkedIn or Facebook. You also can get bad actors attacking through vendors and customers. So, if those customers happen to have an attack upon their system, bad actors may be able to hijack their system and use it to send out information that looks legitimate to you from your customers and vendors like an invoice or payment, that actually contain some kind of virus or bad link. Finally – and this has actually happened – it has been proven that there is no good defense against sudden low technology attempts such as dropped USB drives. Dropping a USB drive in a parking lot, or somewhere outside of your business, or otherwise placing it such that an employee might bring it inside and just out of curiosity put it onto a computer in your network, is actually a valid attack factor that has been used in the past. 

How can you protect yourself from hackers and ransomware? Work with somebody who understands these threats and is tasked with keeping up with them as they evolve. This can be an internal resource team for IT, or it could be an external partner. But, most importantly, work with somebody that understands and helps keep you protected. In addition to that, it’s always a good idea to have your data encrypted and at rest on PCs and servers and also in transit when it is going across the web to any of your customers or vendors. So, using Bitlocker is a great way to do this and it’s built into many PCs these days because actually many bad actors will hijack this and use it to encrypt your PC. Well, if you’re already using it and have that protection then they wouldn’t be able to do that. Perhaps most importantly in addition to having an IT group who understands how to protect you from bad actors is having offsite backup. That could be an offsite cloud storage for your primary servers, or it can be a second server on the cloud and separate from your production system and give you a place to go back to get valid data that is pre-attack in order to go and bring the systems back up from fresh. Also, make sure to keep browsers, firewalls, PCs and servers … basically anything with an operating system or program that is an attack factor, up-to-date. So, constantly evolving threats are constantly being combative and keeping those things up to date is one of the best ways to keep yourself protected. Also, make sure that your employees understand the types of emails that they should be receiving from your customers and vendors. That includes voicemail to email systems, delivery services like UPS, FedEx and USPS. And, especially, with Microsoft office products there are many, many emails that come in saying that Microsoft office or some other program it’s going to expire. And, they may even look on the surface legitimate. However, once you look at where these emails are actually coming from in the domain, you’ll find that they are not legitimate and in fact they are probably someone attempting to gain access to your system. Finally, have a disaster recovery plan. Know that this can happen to your company, that no company is too small and not having a disaster recovery plan and knowing what you would do in the case of a ransomware or a virus wreaking havoc upon your network on your system. Know what you would do.

How do you detect a hacker? So, detecting a hacker unfortunately sometimes is quite obvious. Quite often when a ransomware attack occurs, some sort of message or error will pop up on your computer that is infected, and it will very blatantly tell you that your computer has been hacked and begin to demand and extract a ransom from you. There are other less obvious ways that you would detect that something is going on. This can be unexpected pop-up messages, passwords that no longer work for websites that you’ve used, contacts reporting that they are receiving emails or messages on social platforms from you that you know you didn’t send, or noticing that your outbound emails are being blocked. Blocked outbound emails are usually because a bad actor has taken over and is spoofing your emails and sending out junk mail with your name attached to it so that your company is becoming blacklisted on the web. So, looking out for any of these telltale signs can be an indication that you’ve got a problem.

What should you do if you detect a bad actor? First and foremost, alert your IT department or IT services company. Let them know immediately that there is a problem. The best way to allow it to spread is to do nothing about it, so make sure that the relevant folks inside and outside of your company are aware so that you can begin to contain the problem. Next, immediately and as expediently as possible quarantine the infected or even suspected devices. That means unplugging them from your network, turning off the Wi-Fi, heck, take a laptop and pull the battery out of it and unplug it if necessary. Then, from another PC, go about making sure that your bank account, and other important logins haven’t been compromised. And, just as a preventative measure, change the passwords on your most important accounts first – working your way through your least important accounts. But, changing those account passwords can really go a long way to helping make sure that whoever is acting against you is unable to find out data or take money from your business. Then, ensure that any other equipment that is on the network that doesn’t seem to be suspect is up-to-date. That could mean other servers, other PCs, and checking to make sure that browsers, operating systems, security patches have been installed – so that hopefully, anything that may have spread will not spread too far. Finally, after you’ve stopped the spread, unfortunately the only thing to do then is to restore the affected machines from your backed up data from your offsite backup service. This can unfortunately be painful. But, quick and frequent back ups can really help mitigate this and sometimes you may only lose just a few hours or a day of work.

Although gas prices have risen in certain areas of the country following the ransomware attack on the Colonial Pipeline, we can look at this incident as a learning experience. Modern events have reminded us the damage hackers can do to a business. It is important to review and learn more about proper protocol to prevent hackers and those looking to use ransomware to hack into a company’s sensitive information.

If you have any further questions, you can contact PSI